From 885bba0b002e2a70e7808e65a53d6f977ddccd95 Mon Sep 17 00:00:00 2001
From: thestig
Date: Mon, 23 May 2016 10:07:03 -0700
Subject: Fix infinite recursion in CPDF_DocPageData::GetColorSpace().
BUG=pdfium:497
Review-Url: https://codereview.chromium.org/2003873002
---
core/fpdfapi/fpdf_page/fpdf_page_doc.cpp | 31 ++++++++++++++++++++++++++-----
1 file changed, 26 insertions(+), 5 deletions(-)
(limited to 'core/fpdfapi/fpdf_page/fpdf_page_doc.cpp')
diff --git a/core/fpdfapi/fpdf_page/fpdf_page_doc.cpp b/core/fpdfapi/fpdf_page/fpdf_page_doc.cpp
index f872906674..f0c5302b95 100644
--- a/core/fpdfapi/fpdf_page/fpdf_page_doc.cpp
+++ b/core/fpdfapi/fpdf_page/fpdf_page_doc.cpp
@@ -19,6 +19,7 @@ #include "core/fpdfapi/fpdf_parser/include/cpdf_document.h" #include "core/fpdfapi/fpdf_parser/include/cpdf_stream_acc.h" #include "core/fpdfapi/include/cpdf_modulemgr.h" +#include "third_party/base/stl_util.h" void CPDF_ModuleMgr::InitPageModule() { m_pPageModule.reset(new CPDF_PageModule);
@@ -222,17 +223,29 @@ void CPDF_DocPageData::ReleaseFont(CPDF_Dictionary* pFontDict) { CPDF_ColorSpace* CPDF_DocPageData::GetColorSpace( CPDF_Object* pCSObj, const CPDF_Dictionary* pResources) { + std::set visited; + return GetColorSpaceImpl(pCSObj, pResources, &visited); +} + +CPDF_ColorSpace* CPDF_DocPageData::GetColorSpaceImpl( + CPDF_Object* pCSObj, + const CPDF_Dictionary* pResources, + std::set* pVisited) { if (!pCSObj) return nullptr; + if (pdfium::ContainsKey(*pVisited, pCSObj)) + return nullptr; + if (pCSObj->IsName()) { CFX_ByteString name = pCSObj->GetString(); CPDF_ColorSpace* pCS = CPDF_ColorSpace::ColorspaceFromName(name); if (!pCS && pResources) { CPDF_Dictionary* pList = pResources->GetDictBy("ColorSpace"); if (pList) { - pCSObj = pList->GetDirectObjectBy(name); - return GetColorSpace(pCSObj, nullptr); + pdfium::ScopedSetInsertion insertion(pVisited, pCSObj); + return GetColorSpaceImpl(pList->GetDirectObjectBy(name), nullptr, + pVisited); } } if (!pCS || !pResources) 
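Review bot: `GetColorSpaceImpl()` is introduced without a comment stating the `pVisited` contract, and the new `ContainsKey` guard returns a bare `nullptr` that a caller cannot tell apart from an ordinary lookup failure. I would add above the definition: `// |pVisited| holds the objects on the current resolution path; a repeat means the document's references form a cycle, so resolution stops with nullptr.` The public `GetColorSpace()` builds a fresh set on every call, so if the part of this function that lies after the hunk (or a loader it calls) resolves nested color spaces through the public entry point, the path history is dropped there and a cycle through that route would go undetected; this is worth confirming, since the body continues outside this hunk.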
@@ -254,14 +267,22 @@ CPDF_ColorSpace* CPDF_DocPageData::GetColorSpace( pDefaultCS = pColorSpaces->GetDirectObjectBy("DefaultCMYK"); break; } - return pDefaultCS ? GetColorSpace(pDefaultCS, nullptr) : pCS; + if (!pDefaultCS) + return pCS; + + pdfium::ScopedSetInsertion insertion(pVisited, pCSObj); + return GetColorSpaceImpl(pDefaultCS, nullptr, pVisited); } CPDF_Array* pArray = pCSObj->AsArray(); if (!pArray || pArray->GetCount() == 0) return nullptr; - if (pArray->GetCount() == 1) - return GetColorSpace(pArray->GetDirectObjectAt(0), pResources); + + if (pArray->GetCount() == 1) { + pdfium::ScopedSetInsertion insertion(pVisited, pCSObj); + return GetColorSpaceImpl(pArray->GetDirectObjectAt(0), pResources, + pVisited); + } CPDF_CountedColorSpace* csData = nullptr; auto it = m_ColorSpaceMap.find(pCSObj);
-- cgit v1.2.3
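Review bot: The visited set stops cycles but puts no bound on depth: in the `pArray->GetCount() == 1` branch every distinct single-element array costs one more stack frame, so a long acyclic chain in an untrusted document can still recurse far. Assuming `ScopedSetInsertion` removes its entry on scope exit, the set size equals the current depth, and a cap next to the `ContainsKey` check would cover it, e.g. `if (pVisited->size() > kMaxColorSpaceDepth) return nullptr;` (`kMaxColorSpaceDepth` is a placeholder for a limit the project would pick). The function continues past the end of this hunk at `m_ColorSpaceMap.find(pCSObj)`, so the remaining paths are not visible here.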